a) CMMI - Capability Maturity Model for Software

The CMMI describes the principles and practices underlying software process maturity and is intended to help software organizations improve the maturity of their software processes in terms of an evolutionary path from ad hoc, chaotic processes to mature, disciplined software processes. CMMI is organized into five maturity levels. A maturity level is a well-defined evolutionary plateau toward achieving a mature software process. Each maturity level provides a layer in the foundation for continuous process improvement.

The Five Maturity Levels
1. Initial - The software process is characterized as ad hoc, and occasionally even chaotic. Few processes are defined, and success depends on individual effort and heroics.
2. Repeatable - Basic project management processes are established to track cost, schedule, and functionality. The necessary process discipline is in place to repeat earlier successes on projects with similar applications.
3. Defined - The software process for both management and engineering activities is documented, standardized, and integrated into a standard software process for the organization. All projects use an approved, tailored version of the organization's standard software process for developing and maintaining software.
4. Managed - Detailed measures of the software process and product quality are collected. Both the software process and products are quantitatively understood and controlled.
5. Optimizing - Continuous process improvement is enabled by quantitative feedback from the process and from piloting innovative ideas and technologies.

b) ISO 20000:2005 – IT Service Management

ISO/IEC 20000-1:2005 defines the requirements for a service provider to deliver managed services. It is based on BS 15000-2, which has been superseded. It may be used

     •  by businesses that are going out to tender for their services.
     •  to provide a consistent approach by all service providers in a supply chain.
     •  to benchmark IT service management.
     •  as the basis for an independent assessment.
     •  to demonstrate the ability to meet customer requirements.
     •  to improve services.

ISO/IEC 20000-1:2005 promotes the adoption of an integrated process approach to effectively deliver managed services that meet business and customer requirements, resulting in greater efficiency and opportunities for continual improvement.

Organizations require increasingly advanced facilities (at minimum cost) to meet their business needs. With the increasing dependencies in support services and the diverse range of technologies available, service providers can struggle to maintain high levels of customer service. Working reactively, they spend too little time in planning, training, reviewing, investigating, and working with customers. The result is a failure to adopt structured, proactive working practices. Those same service providers are being asked for improved quality, lower costs, greater flexibility, and faster response to customers.

In contrast, effective service management delivers high levels of customer service and customer satisfaction. It also recognizes that services and service management are essential to helping organizations generate revenue and be cost-effective. The ISO/IEC 20000 series enables service providers to understand how to enhance the quality of service delivered to their customers, both internal and external.

c) ISMS - ISO 27001:2005

Security requirements in any organisation, large, medium or small, are in effect derived from three sources.

The first source of security requirements is the unique set of security risks to the assets of an organisation's information systems. These risks are a combination of the threats and vulnerabilities to the assets and the potential impact of these security risks on the business.

The second source of security requirements is the set of statutory and contractual requirements that an organisation, its trading partners, contractors and service providers have to satisfy. For example, all organisations need to:

  1. comply with data protection requirements, as appropriate;
  2. comply with any copyright restrictions that might apply;
  3. safeguard organisational records.

In addition, an organisation may need to satisfy a set of contractual requirements such as those that might be established with the organisation being a customer or supplier of products and services.

The third source of security requirements is the set of principles, objectives and requirements for information security that an organisation has developed to support its business operations. These could be derived from corporate directives and/or international best practices on Information Security Management such as British Standard ISO 27001.

© - 2007 SGQ Innovations.